Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20965 | 1 Google | 1 Android | 2024-10-09 | N/A | 9.8 CRITICAL |
| In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34542 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-07 | N/A | 5.7 MEDIUM |
| Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | |||||
| CVE-2024-37187 | 1 Advantech | 2 Adam-5550, Adam-5550 Firmware | 2024-10-07 | N/A | 5.7 MEDIUM |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | |||||
| CVE-2024-39278 | 1 Echostar | 2 Fusion, Hughes Wl3000 | 2024-10-04 | N/A | 4.6 MEDIUM |
| Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. | |||||
| CVE-2024-20489 | 1 Cisco | 1 Ios Xr | 2024-10-03 | N/A | 5.5 MEDIUM |
| A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials. | |||||
| CVE-2024-3082 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | N/A | 4.6 MEDIUM |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | |||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | N/A | 5.5 MEDIUM |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | |||||
| CVE-2024-44815 | 1 Hathway | 2 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware | 2024-09-25 | N/A | 4.6 MEDIUM |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | |||||
| CVE-2024-47162 | 1 Jetbrains | 1 Youtrack | 2024-09-24 | N/A | 5.3 MEDIUM |
| In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | |||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2024-09-21 | N/A | 5.5 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
| CVE-2024-8777 | 1 Syscomgo | 1 Omflow | 2024-09-20 | N/A | 7.5 HIGH |
| OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | |||||
| CVE-2024-31415 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2024-09-19 | N/A | 8.1 HIGH |
| The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | |||||
| CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | |||||
| CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2024-09-17 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | |||||
| CVE-2021-32039 | 1 Mongodb | 1 Mongodb | 2024-09-17 | 2.1 LOW | 5.5 MEDIUM |
| Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | |||||
| CVE-2023-43905 | 1 Writercms | 1 Writercms | 2024-09-11 | N/A | 7.5 HIGH |
| Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | |||||
| CVE-2024-39818 | 1 Zoom | 4 Rooms, Workplace, Workplace Desktop and 1 more | 2024-09-11 | N/A | 6.5 MEDIUM |
| Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | |||||
| CVE-2019-14929 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-09-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. | |||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | N/A | 9.1 CRITICAL |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | |||||
| CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2024-08-23 | N/A | 7.5 HIGH |
| In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | |||||